Re: Time to remove LSM (was Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Sat, 22 Apr 2006 20:50:15 PDT, Crispin Cowan said:
>> What happens if I ln /bin/stty /tmp/evilstty, then exploit
>> vulnerability in stty? 

A crucial point here is that the 'ln' and the actual exploit don't
have to be firmly attached to each other...

If you can get *any* unconfined user to do that 'ln' (Hmm... have you checked if
your tar/cpio/pax/etc have been patched to prohibit this when you extract an
archive?), then the exploit can be run *even in a domain that can't do the ln
that set it up*.

> This is a really basic misunderstanding of AppArmor. All unconfined
> processes are considered trusted, so attacks that suppose an unconfined
> user did something very evil/stupid are not interesting.

Unfortunately, in the *real* world, "unconfined user accidentally runs
malware that sets up the conditions for a later exploit" is an actual
real problem.  I'm sorry to see that it's just swept under the rug as
"not interesting".

Now, if you changed "not interesting" to "so damned hard we couldn't figure
out how to deal with it", I'd have a bit of sympathy for the position... ;)

Attachment: pgpky21wgaXOJ.pgp
Description: PGP signature

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux